authorJay Mundrawala <jdmundrawala@gmail.com>2016-01-22 14:53:49 -0800
committerJay Mundrawala <jdmundrawala@gmail.com>2016-01-25 09:54:21 -0800
commit6e784ba749b543b13f667a2e267877f0d54141cb (patch)
tree9da2c4eb2b35f0fffc22cba70644670edc4f2831
parent724c32510f097ebdffdcc387392862a9ae5f835c (diff)
downloadchef-6e784ba749b543b13f667a2e267877f0d54141cb.tar.gz
Skip Version0 encrypted databag tests when in fips mode
aes-256-cbc does not seem to work when openssl is in fips mode. The only other reference I could find to this was: https://access.redhat.com/solutions/176633
-rw-r--r--spec/spec_helper.rb1
-rw-r--r--spec/support/platform_helpers.rb4
-rw-r--r--spec/unit/encrypted_data_bag_item_spec.rb2
-rw-r--r--spec/unit/http/ssl_policies_spec.rb2
4 files changed, 7 insertions, 2 deletions
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index e69d61a7b3..378381ddcc 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -165,6 +165,7 @@ RSpec.configure do |config|
config.filter_run_excluding :aes_256_gcm_only => true unless aes_256_gcm?
config.filter_run_excluding :broken => true
config.filter_run_excluding :not_wpar => true unless wpar?
+ config.filter_run_excluding :not_fips => true unless fips?
running_platform_arch = `uname -m`.strip unless windows?
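Review bot: The new filter reads inverted: `filter_run_excluding :not_fips => true unless fips?` excludes the `:not_fips` examples when `fips?` is false and lets them run when it is true, the opposite of what the commit title describes. As written, the version 0 decryption context tagged in spec/unit/encrypted_data_bag_item_spec.rb would drop out of ordinary runs, losing coverage of that legacy decryption path, and would still execute under FIPS. The line appears to be modelled on the `:not_wpar` filter just above it, which has the same `unless` shape and may deserve the same check. Suggested: `config.filter_run_excluding :not_fips => true if fips?`. The `RSpec.configure` block continues outside the hunk.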
diff --git a/spec/support/platform_helpers.rb b/spec/support/platform_helpers.rb
index 0259dc6dfb..a29cb61d00 100644
--- a/spec/support/platform_helpers.rb
+++ b/spec/support/platform_helpers.rb
@@ -204,6 +204,10 @@ def aes_256_gcm?
OpenSSL::Cipher.ciphers.include?("aes-256-gcm")
end
+def fips?
+ ENV["CHEF_FIPS"] == "1"
+end
+
class GCEDetector
extend Ohai::Mixin::GCEMetadata
end
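Review bot: `fips?` only reports what the `CHEF_FIPS` environment variable says, not whether OpenSSL is actually in FIPS mode. A FIPS-enabled host without the variable set gets the wrong filter decision, and so does an ordinary host with a stray `CHEF_FIPS=1`. At minimum the helper should state that contract, e.g. `# True when the run is declared FIPS via CHEF_FIPS=1; does not probe OpenSSL itself.` Where the Ruby openssl library in use provides the `OpenSSL.fips_mode` reader, the helper could also consult it: `ENV["CHEF_FIPS"] == "1" || (OpenSSL.respond_to?(:fips_mode) && OpenSSL.fips_mode)`.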
diff --git a/spec/unit/encrypted_data_bag_item_spec.rb b/spec/unit/encrypted_data_bag_item_spec.rb
index 796ad8ff5b..ee69ecfddc 100644
--- a/spec/unit/encrypted_data_bag_item_spec.rb
+++ b/spec/unit/encrypted_data_bag_item_spec.rb
@@ -290,7 +290,7 @@ describe Chef::EncryptedDataBagItem::Decryptor do
end
- context "when decrypting a version 0 (YAML+aes-256-cbc+no iv) encrypted value" do
+ context "when decrypting a version 0 (YAML+aes-256-cbc+no iv) encrypted value", :not_fips do
let(:encrypted_value) do
Version0Encryptor.encrypt_value(plaintext_data, encryption_key)
end
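Review bot: The `:not_fips` tag on this context has no comment saying which part of the version 0 path fails under FIPS. AES-256-CBC is itself a FIPS-approved cipher, so the failure probably comes from something else in `Version0Encryptor` or the decryptor (neither is visible in this hunk). That is worth confirming and recording next to the tag, e.g. `# Skipped under FIPS: version 0 items fail with a FIPS-mode OpenSSL (cause: <confirm>)`. If version 0 items really cannot be decrypted on FIPS hosts, a follow-up example that pins the error raised there would keep that behaviour covered instead of leaving it untested.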
diff --git a/spec/unit/http/ssl_policies_spec.rb b/spec/unit/http/ssl_policies_spec.rb
index 98f1fa9c37..510a1a66bc 100644
--- a/spec/unit/http/ssl_policies_spec.rb
+++ b/spec/unit/http/ssl_policies_spec.rb
@@ -109,7 +109,7 @@ describe "HTTP SSL Policy" do
Chef::Config[:ssl_client_cert] = CHEF_SPEC_DATA + "/ssl/chef-rspec.cert"
Chef::Config[:ssl_client_key] = CHEF_SPEC_DATA + "/ssl/chef-rspec.key"
expect(http_client.cert.to_s).to eq(OpenSSL::X509::Certificate.new(IO.read(CHEF_SPEC_DATA + "/ssl/chef-rspec.cert")).to_s)
- expect(http_client.key.to_s).to eq(IO.read(CHEF_SPEC_DATA + "/ssl/chef-rspec.key"))
+ expect(http_client.key.to_s).to eq(OpenSSL::PKey::RSA.new(IO.read(CHEF_SPEC_DATA + "/ssl/chef-rspec.key")).to_s)
end
end
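Review bot: The key expectation now round-trips the fixture through `OpenSSL::PKey::RSA.new(...).to_s`, but nothing in the spec or the commit description explains why; the description only covers the data bag skip. Presumably the PEM text OpenSSL emits can differ from the bytes in chef-rspec.key, in which case a comment above the expectation would save the next reader the guess: `# Compare OpenSSL's serialization of both keys; the PEM text may not match the file byte-for-byte (e.g. in FIPS mode).` The assertion is also slightly weaker than before, since it no longer checks the key against the file contents, only that both sides serialize identically. The example's `it` block starts outside the hunk.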